User menu

This Google™ translation feature is provided for informational purposes only.

The Office of Attorney General's website is provided in English. However, the "Google Translate" option may assist you in reading it in other languages.

Google Translate cannot translate all types of documents, and it may not give you an exact translation all the time.
Anyone relying on information obtained from Google Translate does so at his or her own risk.

The Office of Attorney General does not make any promises, assurances, or guarantees as to the accuracy of the translations provided.
The State of New York, its officers, employees, and/or agents shall not be liable for damages or losses of any kind arising out of, or in connection with,
the use or performance of such information, including but not limited to, damages or losses caused by reliance upon the accuracy of any such information,
or damages incurred from the viewing, distributing, or copying of such materials.

You are here

Victims of Identity Theft and Fraud Offenses State Statutes 2006

Victims of Identity Theft and Fraud

Special State Statutory Provisions for Victims of Identity Theft and Fraud

Information and Notification

Security Breach and Notification – General Business Law § 899-aa *; State Technology Law §208 *
Requires business entities and others who own or license computerized data to notify New Yorkers whose private information was or was reasonably believed to have been acquired by another without authorization. The notice must contain a description of the categories of information breached and be issued to the affected persons by one of the following methods: a) written notice, b) electronic notice, or c) telephone notification. The entity must also inform the Office of the NYS Attorney General, the NYS Department of State's Division of Consumer Protection and the NYS Office of Cyber Security & Critical Infrastructure Coordination of the timing, content and distribution of the notices and approximate number of affected persons. Where more than 5,000 New Yorkers are affected, the business or State entity must also notify consumer reporting agencies. The law also provides for substitute notice to consumers if the State entity or business demonstrates to the Attorney General that the cost of providing regular notice would exceed $250,000, the affected class of persons exceeds 500,000 or the entity or business does not have sufficient contact information. Where substitute notice is used, it must consist of all of the following, as applicable: e-mail notice, conspicuous posting on the entity's website and notification to statewide media.( * See note below. )

Financial Assistance

Compensation Awards – Executive Law §§631(8), 621(22)
Allows for elderly or disabled victims of fraud to seek compensation from the Crime Victims Compensation Board (CVB) to cover out-of-pocket expenses relating to the cost of financial counseling. Compensation may cover the analysis of a victim's financial situation such as income producing capacity, budget and debt management, settling estates, public assistance and other benefits and accessing insurance.

Restitution for Victims of Identity Theft – Penal Law §60.27(1), (2)
Authorizes the court to order a convicted defendant to pay restitution to a victim of identity theft who has suffered economic losses or damages from the "fruits of the offense." Victims may also seek restitution for any actual or consequential financial losses incurred as a result of adverse actions taken against his or her.

Consumer Protection from Deceptive Business Practices – General Business Law §349
Prohibits deceptive acts or practices (e.g., misleading or dishonest acts) in conduct of any business, trade or commerce or in the furnishing of any service. The Attorney General may bring an action to enjoin or stop such unlawful activity and to obtain restitution for victims. In addition, any person harmed by a deceptive practice may bring a civil action to recover actual damages or $50, which is greater. The court may increase the award of damages to an amount not exceeding three times the actual damages up to $1,000 if the court finds that the defendant willfully or knowingly violated the statute. The court may also award reasonable attorney's fees to the prevailing consumer.

Home Improvement Contracts and Frauds – General Business Law §772
Authorizes homeowners who were induced to contract for home improvement services based on a contractor's false verbal or written statements to sue for actual damages, a penalty of $500 and reasonable attorney's fees.

Employment and Credit Services – Executive Law §642(4)
Permits victims of financial crimes to request the assistance of law enforcement agencies to explain to creditors on their behalf the nature of the crime as well as the extent of loss or injury suffered which has prevented them from fulfilling their financial responsibilities.

Access to Justice

Identity Theft as a Criminal Offense – Penal Law §§190.77 – 190.84
Criminalizes identity theft and unlawful possession of personal identification. Provides for misdemeanor and felony penalties when a person's identity is assumed in order to obtain goods, money, property or services; to cause financial loss to a person; or to unlawfully possess certain types of personal identifying information for the furtherance of a crime.

Identity Theft as a Civil Offense – General Business Law §380-s
Creates the civil violation of identity theft. No person shall knowingly and with intent to defraud, obtain, posses, transfer, use or attempt to use credit, goods or services in the name of another person without his or her consent.

Civil Liability for Identity Theft – State Fair Credit Reporting Act– General Business Law §380-l
Provides that a person who knowingly and willfully obtains personal identifying information with intent to defraud may be subject to damages pursued by the victim.

Eavesdropping and Video Surveillance Warrants for Identity Theft – Criminal Procedure Law §700.05(8)(s)
Designates the felony levels of identity theft and unlawful possession of personal identification information to the list of crimes eligible for eavesdropping and video surveillance warrants for law enforcement.

Pyramid Schemes – General Business Law §359-fff
Declares the illegality of a chain distributor scheme, also known as the pyramid scheme. Upon making an investment, a person is granted a license or the right to solicit or recruit for profit additional persons who are also asked to invest and then granted the right to solicit others.

Protection and Prevention Provisions

Security Freeze – General Business Law §380-t
Enables consumers to place a security freeze on their consumer reports thereby restricting access to their credit information by sending a written request to a consumer credit reporting agency by certified or overnight mail. No charges are permitted for victims of identity theft who present a valid copy of a police report or a signed Federal Trade Commission Id Theft Victim Affidavit. Consumer reporting agencies are allowed to charge consumers who are not victims of identity theft a fee of up to $5 for the removal or lifting of a freeze, the second or subsequent placement of a freeze, or the replacement of a lost PIN or password.
** Effective November 1, 2006

Disposal of Personal Records – General Business Law §399-h
Requires businesses to properly dispose of records containing personal information by shredding, destroying or otherwise making the personal identifying information unreadable.
**Effective December 4, 2006

Communication Records Privacy – General Business Law §399-DD
Prohibits the sale, fraudulent transfer or solicitation of telephone record information without written consent from the consumer.

Confidentiality of Social Security Numbers – General Business Law §399-DD
Places limits on the use and dissemination of Social Security Numbers (SSN) beginning January 1, 2008. The law prohibits the intentional communication of an individual's SSN to the general public; restricts businesses' ability to print a SSN on mailings or on any card or tag required to access products, services or benefits; prohibits businesses from requiring an individual to transmit his or her unencrypted SSN over the Internet; and requires businesses possessing SSN to implement safeguards and limit unnecessary employee access to the data.

Unsolicited Telemarketing Calls –"Do-Not-Call"– General Business Law §399-z
Prohibits telemarketers from calling consumers who have requested not to be called by registering with the "do-not-call" telemarketing registry.

Anti-Phishing – General Business Law §390-b
Prohibits the deceptive solicitation of personal information through the use of electronic communications such as a web page or e-mail.

Door-To-Door Sales – Personal Property Law §§ 425-431
Provides consumers with a three day period to cancel a contract which was entered into as a result of a door-to-door sales tactic.

Automatic Dialing Devices and Blocking by Telemarketers – General Business Law §399-p(5), (6-a)
Prohibits the placement of a call by an automatic dialing device to an emergency telephone line or any law enforcement agency. Telemarketers cannot block their names and telephone numbers from the caller identification devices used by consumers to monitor their calls.

* Note: As of the date of this document's publication, Find Law has not updated its online posting of NYS law to reflect this new reference. Consult a hardcopy of the law.